django-DefectDojo: don't work migrations after update to 2.0

Slack us first! https://owasp.slack.com/archives/C2P5BA8MN/p1627056588112000 here is describe my problem ^

Be informative I upgraded from 1.15 to 2.0.3 I have deduplication on endpoints, and when I import scan I add id of endpoint. After update when script is importing scan it created new endpoint instead needed. My deduplication is broken.

Then I saw that I needed to apply migration. Results of migration here:

user@defect-dojo:/var/www/defectdojo$ docker exec b3847dcc9fee python manage.py migrate
[23/Jul/2021 18:47:33] INFO [dojo.models:3613] enabling audit logging
Operations to perform:
  Apply all migrations: admin, auditlog, auth, authtoken, contenttypes, django_celery_results, dojo, sessions, sites, social_django, tagging, watson
Running migrations:
  No migrations to apply.
  Your models have changes that are not yet reflected in a migration, and so won't be applied.
  Run 'manage.py makemigrations' to make new migrations, and then re-run 'manage.py migrate' to apply them.
user@defect-dojo:/var/www/defectdojo$ docker-compose exec uwsgi ./manage.py migrate
[23/Jul/2021 18:48:53] INFO [dojo.models:3613] enabling audit logging
Operations to perform:
  Apply all migrations: admin, auditlog, auth, authtoken, contenttypes, django_celery_results, dojo, sessions, sites, social_django, tagging, watson
Running migrations:
  No migrations to apply.
  Your models have changes that are not yet reflected in a migration, and so won't be applied.
  Run 'manage.py makemigrations' to make new migrations, and then re-run 'manage.py migrate' to apply them.
user@defect-dojo:/var/www/defectdojo$ docker-compose exec uwsgi ./manage.py makemigrations
[23/Jul/2021 18:49:32] INFO [dojo.models:3613] enabling audit logging
Migrations for 'dojo':
  dojo/db_migrations/0114_auto_20210723_1849.py
    - Alter field default_issue_type on jira_instance
user@defect-dojo:/var/www/defectdojo$ docker-compose exec uwsgi ./manage.py migrate
[23/Jul/2021 18:49:50] INFO [dojo.models:3613] enabling audit logging
Operations to perform:
  Apply all migrations: admin, auditlog, auth, authtoken, contenttypes, django_celery_results, dojo, sessions, sites, social_django, tagging, watson
Running migrations:
  Applying dojo.0114_auto_20210723_1849... OK
user@defect-dojo:/var/www/defectdojo$ docker-compose exec uwsgi ./manage.py migrate
[23/Jul/2021 18:50:44] INFO [dojo.models:3613] enabling audit logging
Operations to perform:
  Apply all migrations: admin, auditlog, auth, authtoken, contenttypes, django_celery_results, dojo, sessions, sites, social_django, tagging, watson
Running migrations:
  No migrations to apply.
user@defect-dojo:/var/www/defectdojo$ docker-compose exec uwsgi ./manage.py makemigrations
[23/Jul/2021 18:50:52] INFO [dojo.models:3613] enabling audit logging
No changes detected
user@defect-dojo:/var/www/defectdojo$ docker-compose exec uwsgi ./manage.py endpoint_migration --dry-run
[23/Jul/2021 18:52:06] INFO [dojo.models:3613] enabling audit logging
[23/Jul/2021 18:52:07] INFO [dojo.endpoint.utils:198] There is not broken endpoint.
user@defect-dojo:/var/www/defectdojo$ docker-compose exec uwsgi ./manage.py endpoint_migration
[23/Jul/2021 18:52:47] INFO [dojo.models:3613] enabling audit logging
[23/Jul/2021 18:52:48] INFO [dojo.endpoint.utils:198] There is not broken endpoint.

My endpoints is: image here tags endpoints endpoint from 1.15, and without tags - creating when import is uploading. U can see, that old endpoints have //. It’s incorrect and migration is not edited it.

Bug description See describe. Migration is not applyed after update. When I importing scan report with findings, it’s create another endpoint for findings. image id_endpoint here is 28. But into findind I get new endpoint_id is 90. Deduplication with endpoint is not working.

Steps to reproduce Steps to reproduce the behavior:

  1. run DD 1.15 setup for DependencyCheck report endpoints into deduplication hash.
  2. Create endpoint http://tip.tip:0//test
  3. Import scan thought APIv2 with endpoint id above
  4. Upgrade DD to 2.0.3
  5. Some work with DD(uploading reports, delete new endpoints and new engagement that didn’t give deduplication)
  6. Apply migrations
  7. Upload report from 3.
  8. See findings, they have differrent endpoints. Dedup is not work.

Expected behavior Migration edited my endpoints. Hashsums of findings is recalculated. Import of findings is uploading correct, new findings setup dedup status.

Deployment method (select with an X)

  • [X ] Docker
  • Kubernetes
  • GoDojo
  • setup.bash / legacy-setup.bash

Environment information

  • Operating System: [e.g. Ubuntu 18.04]
  • DefectDojo Commit Message: [use git show -s --format="[%ci] %h: %s [%d]"]

Sample scan files (optional) If applicable, add sample scan files to help reproduce your problem.

Screenshots (optional) If applicable, add screenshots to help explain your problem.

Console logs (optional) If applicable, add console logs to help explain your problem.

Additional context (optional) Add any other context about the problem here.

About this issue

  • Original URL
  • State: closed
  • Created 3 years ago
  • Comments: 19 (19 by maintainers)

Most upvoted comments

I try to reproduse it on copy of my environment

+1
zakrush on Jul 29, 2021
Read more comments on GitHub
← django-DefectDojo: docker-compose up fails with execution permission denied
django-DefectDojo: Endpoint with protocol length > 20 characters causes error in report uploads (Tested with nessus) →